VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

43,239 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.3CVE-2026-11417aws-cdk-lib: OS Command Injection in NodejsFunction Bundling2026/6/15
MEDIUM5.3markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations2026/6/15
HIGH7.5Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS2026/6/15
MEDIUM5.3OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation2026/6/15
HIGH7.5python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service2026/6/15
HIGH7.7Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient2026/6/15
HIGH7.5tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)2026/6/15
HIGH7.5Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows2026/6/15
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`2026/6/15
MEDIUM5.3UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`2026/6/15
HIGH8.2protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names2026/6/15
MEDIUM5.3protobufjs: Memory amplification from preserved unknown fields in binary decode2026/6/15
MEDIUM6.1DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks2026/6/15
MEDIUM6.1DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM2026/6/15
HIGH7.5protobufjs: Denial of service through unbounded Any expansion during JSON conversion2026/6/15
MEDIUM5.3protobufjs : Schema-derived names can shadow runtime-significant properties2026/6/15
MEDIUM5.3JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases2026/6/15
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template2026/6/15
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks2026/6/15
MEDIUM6.8In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can retu…2026/6/14
MEDIUM6.3Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP…2026/6/13
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature2026/6/12
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion2026/6/12
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification2026/6/12
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length2026/6/12

第 1 / 1730 頁下一頁 →